We just deployed new SSL certificates for some of our services. Sending e-mails via our mail server no longer requires the import of our root CA certificate beforehand, but may require a restart of your e-mail client. Internal websites (like account management and password changing) or websites which are hosted by us and don't end in .ethz.ch got new certificates signed by our new root CA certificate. To avoid annoying and irritating warnings, we recommend you import our root CA certificate into your web browser.

The new root certificate will be installed in the web browsers on our managed workstations within the next days, too.

In the past all HTTPS secured web sites hosted or provided by us used certificates issued by ourselves. This caused unsettling warnings in most browsers as the user had to manually add the root certificate of our certification authority (CA) to his web browser.

To allow SSL certificates other than those signed by ourselves, namely certificates automatically accepted by all browsers, but also community-backed CACert certificates issued by ETH ID, we will change the configuration of our web server zwoelfi this evening. This may cause some short interruptions to some of the hosted sites, but should not be of longer duration.

Some of these web sites will get already new SSL certificates issued by QuoVadis (accepted by nearly all browsers by default) this evening.

Update Friday, 1. Oct. 2010, 21:00h: Due to several unexpected issues with the new QuoVadis certificate, for now the webserver runs again with the old ISG signed SSL certificate on all virtual hosts.

Update Thursday, 7. Oct. 2010, 23:00h: Most of the issues with the new QuoVadis certificate are solved now and all virtual hosts planned for the QuoVadis SSL certificate use it now again.

(more…)